Lucene search
K

4412 matches found

Nuclei
Nuclei
added 15 hours ago11 views

Hoppscotch <= 2026.2.1 - Open Redirect

Hoppscotch = 2026.2.1 is vulnerable to a DOM-based open redirect on the /enter page. The redirect query parameter is passed directly to windowz location.href with no origin validation. Requires one additional query parameter to trigger. Exploited via a crafted URL such as...

6.1CVSS6.1AI score0.00401EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago94 views

Yonyou U8 13.0 - Cross-Site Scripting

Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

6.1CVSS6.4AI score0.41454EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago12 views

VDO.Ninja - DOM-Based Cross-Site Scripting

VDO.Ninja 28.0 to 28.3 contains a reflected XSS caused by improper sanitization of the room parameter in examples/control.html, letting remote attackers execute scripts, exploit requires crafted URL. id: CVE-2025-62613 info: name: VDO.Ninja - DOM-Based Cross-Site Scripting author: 0xAkoko severit...

6.9CVSS6.2AI score0.01099EPSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-48254

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48260

Adobe Experience Manager is affected by a DOM-based XSS vulnerability (CVE-2026-48260). The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser. Exploitation requires user interaction (victim visits a crafted page). CVSS v3.1: AV:N/AC:L/PR:L/UI:R...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-48262

Adobe Experience Manager is affected by a DOM-based XSS vulnerability (CVE-2026-48262). The issue involves manipulating the DOM to execute malicious JavaScript in the victim’s browser, with exploitation requiring user interaction (victim visits a crafted page). CVSS 3.1 base score 5.4 (Medium): A...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-48254

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-48254.

5.4CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57780

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...

6.5CVSS0.00218EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through = 3.9.4...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57376

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.3...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57814 WordPress Forminator plugin <= 1.55.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2 days ago15 views

CVE-2026-57814

The CVE-2026-57814 entry concerns the WordPress Forminator plugin (forms forminator) with a DOM-based XSS vulnerability due to improper input neutralization during web page generation. Affected versions are Forminator

7.1CVSS6.1AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-57780

Technical details are not publicly provided in the connected documents. The description notes a DOM-based XSS in Envision Page Builder

6.5CVSS6.1AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57780 WordPress Envision Page Builder plugin <= 0.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...

6.5CVSS0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57409 WordPress Active Products Tables for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.1.0...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57409

The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57732 WordPress tagDiv Opt-In Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.4...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57365 WordPress reCAPTCHA (v2 & v3) for Asgaros Forum plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57365

The CVE-2026-57365 entry concerns the WordPress plugin “reCAPTCHA (v2 & v3) for Asgaros Forum” (versions ≤ 1.1.0). According to the provided documents, the vulnerability is a DOM-based Cross-Site Scripting (XSS) issue caused by improper neutralization of input during web page generation. The affe...

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder